ShinyHunters extorts Rockstar
The threat actor group ShinyHunters is publicly extorting Rockstar Games with allegedly stolen financial records, player data and contracts and set an April 14 ransom deadline. The leak and deadline were posted publicly, prompting community and security attention. (x.com)
Rockstar Games says attackers accessed a limited amount of company information through a third-party breach, after ShinyHunters posted a public ransom deadline of April 14. (forbes.com) In a statement reported by IGN and others on April 12, Rockstar said the breach involved “non-material company information” and “has no impact on our organization or our players.” ShinyHunters’ leak-site post said Rockstar’s “Snowflake instances were compromised thanks to Anodot.com.” (ign.com) Forbes reported the attackers threatened to publish or sell the data if Rockstar does not pay by Monday, April 14, 2026. Reports traced the claim to a dark-web post that said, “Pay or leak,” and warned of “several annoying (digital) problems.” (forbes.com) The technical dispute centers on a supply-chain breach, where hackers reach a target through a vendor instead of breaking the target’s own systems first. Forbes said the reported path ran through Anodot, a software-as-a-service cloud-cost tool, before attackers used stolen authentication tokens to reach another cloud platform used by Rockstar. (forbes.com) That matters for Rockstar because the company is already carrying the history of the September 2022 Grand Theft Auto VI leak, when more than 90 development clips appeared online. CBS News reported in December 2023 that Arion Kurtaj, the teenager tied to that hack, was sentenced to indefinite detention in a secure hospital. (cbsnews.com) This time, Rockstar is drawing a narrower line than in 2022: the company says the newly accessed material was limited and did not affect players. Polygon and GamesBeat both reported Rockstar’s position that the breach does not affect players or the company’s operations. (polygon.com) (gamesbeat.com) ShinyHunters is not a new name in cloud-data extortion. Google Threat Intelligence Group said in 2025 that actors using the “ShinyHunters” brand were escalating pressure on victims with leak-site tactics tied to earlier data-theft campaigns. (cloud.google.com) Federal investigators have described similar playbooks in other cases: steal data first, then demand cryptocurrency to stop publication. An Internet Crime Complaint Center advisory from the Federal Bureau of Investigation said some victims later received extortion emails “allegedly from the ShinyHunters group.” (ic3.gov) Rockstar had not publicly detailed the exact records taken as of April 12, and several reports describing financial files, contracts, or player data relied on the attackers’ own claims. By April 14, the next test is simple: whether Rockstar’s “no impact” stance holds, or whether ShinyHunters follows through on its deadline. (insider-gaming.com)
